Setting Up Access to REST APIs

You must have the Advanced Authentication Tenant Administrator credentials to perform this action.

To allow users access to the REST APIs, you must create an authentication event in the Advanced Authentication service. This event specifies a Client ID and Client Secret to authenticate with the REST APIs. After you have established the client secret, you might want to update it according to your password rotation policies.

  1. Log in to the Advanced Authentication service.

  2. Click Events > New Event.

    For more information, see Configuring Events in the SaaS Administration Guide for Advanced Authentication.

  3. Specify a name for the Event.

    For example, enter REST API Event.

  4. For Event type, select OAuth2 / OpenID Connect.

  5. For Chains Used, select Password Only.

  6. Copy the Client secret for later use.

    You cannot view the Client secret after saving the event. However, you can reset the Client secret if needed.

  7. Click + to expand Advanced Settings, then enable the following fields and leave the others disabled:

    • Enable Public Client

    • Use for Resource Owner Password Credentials

    • Enable Token Sharing

  8. Set Attribute Maps:

    localName="DN" clientName="name" accessToken="jwt"
    localName="userRepository" clientName="auth_src_id" accessToken="jwt"
    localName="userLastName" clientName="last_name" accessToken="jwt"
    localName="userFirstName" clientName="first_name" accessToken="jwt"
    localName="mail" clientName="email" accessToken="jwt"

    For more information, see Creating an OAuth 2.0/ OpenID Connect Event.

  9. Click Save.

  10. Select Events > Authenticators Management.

  11. Ensure that Authenticators Management is set to ON for the following fields, and that the rest are disabled:

    • Is enabled

    • Allow basic authentication

    You must set the Event Type to Generic and Logon with expired password to Ask to change.
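To confirm that the Attribute Maps from step 8 took effect, you can inspect an access token issued for the event. The following is an added example, not part of the product documentation: it decodes a token payload and lists any mapped claim that is missing. It assumes each clientName value appears as a top-level claim in the JWT, and the sample token is constructed for illustration.

```python
import base64
import json

# clientName values from the Attribute Maps in step 8; each is expected to
# appear as a claim in the JWT access token (assumption about claim naming).
EXPECTED_CLAIMS = ("name", "auth_src_id", "last_name", "first_name", "email")


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying its signature."""
    # Configuration check only; never base an authorization decision on this.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def missing_claims(token: str, expected=EXPECTED_CLAIMS) -> list:
    """List mapped claims that are absent or empty in the token payload."""
    claims = decode_payload(token)
    return [c for c in expected if claims.get(c) in (None, "")]


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    sample = make_sample_token({          # constructed values, not real output
        "name": "cn=jdoe,ou=users,o=example", "auth_src_id": "LOCAL",
        "first_name": "Jane", "email": "jdoe@example.com"})
    print("missing:", missing_claims(sample))
```

A non-empty result points to an attribute map entry that is missing or whose source attribute is empty for that user.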

Configuring ArcSight SOAR

To configure ArcSight SOAR, perform the following steps:

  1. Log in to ArcSight as an admin user.

  2. Navigate to RESPOND > Configuration > REST Clients.

  3. Click the Create REST Client button to create a new REST Client.

  4. In the REST Client Editor window, specify details for the following fields, and click Save.

    Value        Description
    Client ID    This value will be automatically generated.
    Description  Specify the description of the REST client.

    A client secret is created for this REST client and is displayed in the REST Client Details window.

  5. Note down the REST client secret along with the credentials, because you need them whenever you call the SOAR application using the REST API.

    Note: If you have lost the Client ID and Client Secret that you created for the REST client, you cannot call the SOAR application using the respective REST API. In such cases, you must create the REST Client credentials along with the Client Secret again.